
Multiple Dell SmartFabric OS10 Software Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-39577 CVSS:7.1

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to code execution.

CVE-2024-37125 CVSS:7.5

Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability, leading to a denial of service.

Impact

  • Denial of Service
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2024-39577
  • CVE-2024-37125

Affected Vendors

Dell

Affected Products

  • Dell SmartFabric OS10 Software: versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x

Remediation

Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.

Dell Security Advisory